Re: address@hidden: security: url-cookies file stored world-readable, al

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: address@hidden: security: url-cookies file stored world-readable, al

From:	Glenn Morris
Subject:	Re: address@hidden: security: url-cookies file stored world-readable, allowing session hijacking]
Date:	Sat, 08 Dec 2007 20:38:09 -0500
User-agent:	Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

> I just noticed that ~/.url/cookies was world-readable, and its parent
> directory was world-readable, exposing the cookies emacs held to the
> outside world, which allows for a session hijacking attack.

I can fix this. Should ~/.url be private, or just certain files within
it (cookies, history, what else)?

[Prev in Thread]

Current Thread

[Next in Thread]

address@hidden: security: url-cookies file stored world-readable, allowing session hijacking], Richard Stallman, 2007/12/03
- Re: address@hidden: security: url-cookies file stored world-readable, allowing session hijacking], Glenn Morris <=
  - Re: address@hidden: security: url-cookies file stored world-readable, allowing session hijacking], Daniel Kahn Gillmor, 2007/12/10

Prev by Date: Re: precedence of auto-mode-alist and magic-fallback-mode-alist
Next by Date: Re: nXML mailing list
Previous by thread: address@hidden: security: url-cookies file stored world-readable, allowing session hijacking]
Next by thread: Re: address@hidden: security: url-cookies file stored world-readable, allowing session hijacking]
Index(es):
- Date
- Thread